Do you hear that IT Hero? If you listen closely, just beyond the rhythmic crashing of the waves and peer through the salty mist of the Great Sea. Reach out into the distance, almost beyond the limits of your perception and just barely audible…….that sound….wait, that song…..
A lullaby? Yes, you remember clearly now, it must be only one thing, or rather one evil nemesis. Many have fallen victim to that soft and alluring song. The song of the Siren.
A hardened veteran, such as yourself is not easily fooled by the beautiful, entrancing call of the Siren. Your days as an IT novice have seen many winters pass by, and yet you will never forget that song. But others under your watch are not so seasoned, and are quick to fall victim to the Siren’s Phishing scam.
Your people work tireless for their kingdom, traversing the immense sea of their inbox. Innocent end users going about their business, ignorant to the dangers that will cripple them with a click of the mouse.
These seemingly innocent emails call out to the end user and entice them with false promises, blatant lies that lull them into a trance. Completely enthralled in what they perceive to be true, they excitedly click and………………….game over, all is lost. Your company and/or their personal data has been successfully phished and productivity comes to a wailing halt.
How could this of happen? You ask yourself wearily.
How to prevent Phishing attacks? Now that is the question IT Hero, and it boils down to one thing, you must Know Your Enemy.
First you must educate your end users on best practices for handling emails. Train them to keep a wary eye out for emails that seem suspicious, because chances are there will be. A simple but effective tactic is to hover over links to determine if they are valid or a malicious call from the Siren.
Even though this is a solid first step, it is not completely infallible as it is plagued by the element of human error.
That is why, mighty IT Hero, it is imperative to properly protect your kingdom with multiple layers of security. Instilling this culture of security will impede a hacker’s attempts to breach your kingdom with a successfully phished password. By equipping your end users with armaments to strengthen their logins and building invisible barriers with contextual authentication, you will be able to obstruct their attempts.
But what of the phished password?
That is a great query, IT hero, for it is true that once a password is stolen it is no longer secure. That is why an aggressive password expiration policy needs to be put in place to nullify a phished password. A balance between password management and usability must be struck and empowering your kingdom to easily manage and change their own password is the key!
Be warned, these creatures are quite clever and welcoming, they prey upon the complacency and the false sense of security of your end users. Their song is always the same, a captivating and mesmeric pile of steamy…………lies.